Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones ...

More documents

Recommendations

Info

iii) Critical Functions Tests: (1) RSA 2048 Encrypt/Decrypt KAT b) Conditional Self-Tests: i) Continuous Random Number Generator (RNG) test – performed on non-approved RNG. ii) iii) iv) Continuous Random Number Generator test – performed on ANSI X9.31 DRNG. RSA 1024/2048 SHA-1 Pairwise Consistency Test (Sign/Verify) RSA 1024/2048 Pairwise Consistency Test (Encrypt/Decrypt) v) Firmware Load Test (RSA 1024 SHA-1 Signature Verification vi) Bypass Test: N/A vii) Manual Key Entry Test: N/A 4) At any time the cryptographic module is in an idle state, the operator shall be capable of commanding the module to perform the power-up self-test. 5) Data output shall be inhibited during key generation, self-tests, zeroization, and error states. 6) Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 7) The module does not support a maintenance role or maintenance interface. 9. Physical Security Policy Physical Security Mechanisms The multi-chip standalone cryptographic module includes the following physical security mechanisms: Production-grade components and production-grade opaque enclosure with tamper evident seals. Tamper evident seals. Operator Required Actions The operator is required to inspect the tamper evident seals, periodically, per the guidance provided in the user documentation. Physical Security Mechanisms Recommended Frequency of Inspection/Test Inspection/Test Guidance Details Tamper Evident Seals 12 months Reference Appendix A for a description of tamper label application for all evaluated platforms. Table 16 Inspection/Testing of Physical Security Mechanisms 10. Mitigation of Other Attacks Policy The module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-2 requirements. Brocade Communications FOS 7.0.0b or FOS 7.0.0b1 DCX Security Policy v2.0 20
11. Definitions and Acronyms 10 GbE 10 Gigabit Ethernet AES Advanced Encryption Standard Blade Blade server CBC Cipher Block Chaining CLI Command Line interface CSP Critical Security Parameter DH Diffie-Hellman FIPS Federal Information Processing Standard FOS Fabric Operating System GbE Gigabit Ethernet HMAC Hash Message Authentication Code HTTP Hyper Text Transfer Protocol KAT Known Answer Test LED Light Emitting Diode LDAP Lightweight Directory Access Protocol MAC Message Authentication Code NTP Network Time Protocol NOS Network Operating System PKI Public Key Infrastructure PROM Programmable read-only memory RADIUS Remote Authentication Dial In User Service RNG Random Number Generator RSA Rivest Shamir and Adleman method for asymmetric encryption SCP Secure Copy Protocol SHA Secure Hash Algorithm SSH Secure Shell Protocol TDES Triple Data Encryption Standard TLS Transport Layer Security Protocol 12. Brocade Abbreviations 24P 24 ports 48P 48 ports 16GB 16 Gigabit 8GB 8 Gigabit SFP Small form-factor pluggable LWL long wave length SWL Short wave length LIC License UPG Upgrade 2PS Two power supply modules 0P No port blades 0SFP Zero SFP devices provided 2CP Two Control processor blades (see Table 4) 2 CORE Two core switch blades (see Table 4) ENT BUN Enterprise Software License Bundle: Adaptive Networking, Extended Fabrics, Advance Performance Monitoring, Trunking, Fabric Watch, Server Application Optimized (see foot note for Table 2 & 3) BR Brocade WWN World Wide Name card POD Ports on Demand, Defines the size of an upgrade license. For example, a 24-Port POD License Brocade Communications FOS 7.0.0b or FOS 7.0.0b1 DCX Security Policy v2.0 21
Page 1 and 2: Brocade® DCX, DCX 8510-8, DCX-4S a
Page 3 and 4: Table of Tables Table 1 Firmware Ve
Page 5 and 6: ` DCX Backbone Part Number Brief De
Page 7 and 8: The name of a backbone-based valida
Page 9 and 10: Figure 2 DCX 8510-4 and DCX 8510-8
Page 11 and 12: Diffie-Hellman (DH) with 1024 bit o
Page 13 and 14: 4. Ports and Interfaces The cryptog
Page 15 and 16: 5. Identification and Authenticatio
Page 17 and 18: 6. Access Control Policy Roles and
Page 19: DH Public Key FCAP Public Key TLS P
Page 23 and 24: Appendix A: Tamper Label Applicatio
Page 25 and 26: Apply seven seals are to the non-po
Page 27 and 28: Brocade DCX-4S and DCX 8510-4 Backb
Page 29 and 30: Brocade 6510 Two tamper evident sea
Page 31 and 32: Brocade 7800 Two tamper evident sea

Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?